OpenSSL Fixes Two “High” Severity Vulnerabilities

OpenSSL has issued fixes for six vulnerabilities, including two flaws with a “high” severity rating.

On Tuesday, the corporate entity responsible for OpenSSL, a software library that helps to secure web communications against eavesdropping, published a security advisory in which it provides details on the two “high” severity vulnerabilities.

The first issue (CVE-2016-2108) consists of two bugs: one flaw where the ASN.1 encoder mishandles negative zero integers that was fixed back in April of 2015, and a second flaw by which the ASN.1 parser can misinterpret a large universal tag as a negative zero value.

Individually, the vulnerabilities have no security impact. But together, OpenSSL warns they can be used to cause memory corruption in the ASN.1 encoder:

“…[I]f an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.”

The second “high” severity issue (CVE-2016-2107) allows a man-in-the-middle (MitM) actor to use a padding oracle attack to probe an encrypted message for clues about its plaintext content whenever the connection uses an AES CBC cipher and the server support AES-NI.

Attackers could potentially exploit this flaw, which was introduced as part of the fix for the Lucky 13 padding attack back in 2013, to steal login passwords encrypted over HTTPS.

As security expert Kenneth White toldArs Technica, these two vulnerabilities are at least partially due to OpenSSL’s reliance on older encryption schemes:

“Both of these bugs are the result of complex legacy interoperability which will be solved by moving off of known dangerous protocol constructions like CBC (which is mandatory under TLS 1.3), and by developing and adopting much less complex certificate encoding and parsing software.”